Possibly a lame idea but I want to share it anyway! Passwords for Guild Banks.

[anyaka21]

forcing someone to have an authenticator is also not the right answer. Basically because you are relying on a piece of technology to provide for your account security. So if 11million Cataclysms are sold, and 1% of those authenticators are defective, not really an unreasonable percentage. You're looking at 100,000 pissed off people.

[Contri]

you know a keylogger would log that password too right?

And some keyloggers even track if you use a onscreen keyboard ( You click key tabs with mouse ) aka taking a printscreen eachtime you're clicking in game etc..

[vesseblah]

Was it me? No idea. It boggled me when it happened, but in truth, didn't shock me, because of the way battle.net is set up. I knew for whatever or however reason, they knew may email account, thus i realized it was only a matter of time. I told myself I'd eventually get an authenticator, etc... just didn't.

But blaming the person that got hacked is really one of the stupidest excuses, or reasons out there. That's like telling a person who got shot, that it's their fault they stood in front of the person with a gun.

Blaming Blizzard or battle.net is almost as stupid, sorry.

If you have been following IT related news in past few weeks, you already know how most people are 'getting hacked'. I'm referring to the Google vs China thing. People who want to steal login info use innocent web pages to exploit zero-day attacks in common browsers or browser plugins. Because these are zero-day, no amount of virus scanning will show them either. There is really nothing you can do to prevent it except getting an authenticator. If you don't have one, then you're really the one to blame since those cost next to nothing now.

[evan_s]

forcing someone to have an authenticator is also not the right answer. Basically because you are relying on a piece of technology to provide for your account security. So if 11million Cataclysms are sold, and 1% of those authenticators are defective, not really an unreasonable percentage. You're looking at 100,000 pissed off people.

Plenty of ways to deal with that. Free replacement of a defective authenticator. Grace period for adding an authenticator to your account or when waiting for a replacement authenticator.

[vesseblah]

this area is the only area runescape beats blizzard at, banking, runescape has much bigger banks and you can set a bank pin which is 4 numbers and in order to access your bank you have to punch the 4 numbers in order, you have to do it each time you log in and only once, once you've logged on.

Runescape is a lot more hacker safe than WoW.

On-screen keyboards are just as easy to 'keylog' as regular keyboard. I'm sure you know programs that can do screen captures out of any game, even those that do not have built-in feature for it...

Now imagine screen capture program that goes off every time you press mouse button, and it saves just stamp sized piece of the screen instead of full view. Record first let's say 100 mouse clicks after game is started, and odds are those first 100 stamp-sized pictures have the on-screen password included.

The fact is, only currently hack-proof authentication for online services is one-time passwords, such as the blizzard authenticator or some number sheets you might get from online bank. Both are based on the fact that no matter how many old used numbers you collect and keylog, it's virtually impossible to guess the next number in the series.

[towelie]

Authenticator is 7€ or something, stop bitchin about free ones and just pay it. If you get hacked it's because of your own slack not buying one